One of the strengths of BizTalk 360 is its fine grained authorization module. It allows administrators to set fine grained authorization policy to users.
The below screen shots shows the various areas you can either grant or deny access to the user profiles. As soon as the user login, he can check his authorization level right on the home dashboard.
In this article, we will take a look at how a super user can restrict an user to access only selected applications in the environment. In our test environment there are 5 BizTalk applications deployed as shown in the below picture, in addition to the default BizTalk.System and BizTalk Application 1.
The task we are going to show here is, Mike Watson is one of the application support person and he only need access to LoanProcessorApplication and MortgageProcessorApplication. To accomplish this task, a super user (administrator) will access BizTalk 360, and click on the “setting” link at the top right hand corner, which will bring the settings home screen as shown below.
Depending on whether its he is going to modify the existing user or assigning a new user, he will select one of the options under “User Access Policy“. For this demo, we are going to select “Add New” which will bring the below screen.
The administrator can then enter the name of the domain and the user name (which is Mike Watson in our case) and select the applications (example LoanProcessorApplication and MortgageProcessorApplication) from the list and save the settings.
Now, when Mike Watson access BizTalk 360, on the home screen he can check his rights. As shown in the below picture, he is restricted to access only LoanProcessorApplication and MortgageProcessorApplication. And he also got very restricted access in the environment, he is not granted permission to access other parts of the system like BAM, Topology, Advanced Event Viewer etc.
His object navigator is going to look as shown below. As you can see one two applications are listed for his access and other parts of the system are not visible.
Fine grained authorization brings lot of advantages for the enterprise. The foremost reason is, security, the users can only view and operate (if granted) on applications (and suspended instances) they got access to. Also on the other hand it makes life easy for application support people, they are hidden away from unnecessary things, which are not related to their task.
Note: If in case you haven’t noticed BizTalk 360 is a web based (RIA) application, built using Microsoft SilverLight. The above screens are accessible via browser. There is no necessity to install anything on the client PC except Microsoft SilverLight.